The InfoSec risk assessment process seems easy and straightforward: send questions, receive answers, review the answers, and send the report. Of course, each step is a mini process in itself. It starts with knowing the vendor, knowing the risk areas, asking the right risk questions to evaluate the risk, and sending corrective actions.
One of the challenges we have seen is having templates for each of these areas. Having completed hundreds of assessments on behalf of our clients, the ComplyScore team has created multiple templates to optimize the entire process.
We will be releasing these templates for the community to share.
The first template will be the questionnaire for collecting the vendor inherent risk profile.
Please share your feedback on these templates and any specific areas for which you would like to see templates.